package com.zbiti.anvil.basic.admin.gateway.common.sso;

import com.zbiti.framework.security.autoconfigure.sso.AnvilSsoAuthenticationSecurityConfig;
import com.zbiti.framework.security.core.sso.ISsoPrincipalResolveProvider;
import org.springframework.security.authentication.BadCredentialsException;

/**
 * 单点登录凭据解析器
 *
 * <pre>
 *     本样例为将对用户名进行一定逻辑的加密后，本系统进行解密验证，只要能成功解析出本系统的用户名即表示登录成功
 *     其他模式的登录，比如短信登录、OAuth2登录、第三方登录等等，都可以按照标准的SpringSecurity写法即可
 *     可参考:
 *          {@link com.zbiti.framework.security.autoconfigure.sso.AnvilSsoAuthenticationSecurityConfig}
 *          {@link com.zbiti.framework.security.core.sso.SsoAuthenticationFilter}
 *          {@link com.zbiti.framework.security.core.sso.SsoAuthenticationProvider}
 *          {@link com.zbiti.framework.security.core.sso.SsoAuthenticationToken}
 * </pre>
 *
 * @author Fanyc
 * @date 2021-04-01 17:36
 */
//@Component
public class SsoPrincipalResolveProvider implements ISsoPrincipalResolveProvider {

    /**
     * 解析单点登录的凭据，如果不合法则抛出异常，如果正常走完则返回非空登录名
     *
     * @param principal 凭据
     * @return 解析出的本系统登录名
     */
    @Override
    public String resolveSsoPrincipal(Object principal) {
        // UNFINISHED: 由各个业务系统完成，此处只演示逻辑为凭据是1234554321则表示用户anvil
        String token = (String) principal;
        if ("1234554321".equals(token)) {
            return "anvil";
        }
        throw new BadCredentialsException("登录凭据不正确");
    }
}
